Understanding IDP Application-Level DDoS Rulebases
The application-level DDoS rulebase defines parameters used to protect servers, such as DNS or HTTP, from application-level distributed denial-of-service (DDoS) attacks. You can set up custom application metrics based on normal server activity requests to determine when a client should be considered an attack client. The application-level DDoS rulebase defines the source match condition for traffic that should be monitored, then takes the defined action: close server, drop connection, drop packet, or no action. It can also perform an IP action: ip-block, ip-close, ip-notify, or timeout. Table 43 summarizes the options that you can configure in the application-level DDoS rulebase rules.
Table 43: Application-Level DDoS Rulebase Components
Term | Definition |
---|---|
Match condition | Specify the network traffic you want the device to monitor for attacks. |
Action | Specify the actions you want Intrusion Detection and Prevention (IDP) to take when the monitored traffic matches the application-ddos objects specified in the application-level DDoS rule. |
IP Action | Enables you to implicitly block a source address to protect the network from future intrusions while permitting legitimate traffic. You can configure one of the following IP action options in application-level DDoS: ip-block, ip-close, and ip-notify. |
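
The following set-format sketch is an added example, not taken from this page. It shows how the three components in Table 43 map onto one rule. The object, policy, rule, and zone names and the threshold and timeout values are constructed for illustration. Check the statement hierarchy against the CLI example listed under Related Topics for your release.

```junos
# Added example: appddos-http, appddos-policy, rule-1, the zones untrust/trust,
# and all numeric values are constructed placeholders.

# application-ddos object: the protected service and a connection-rate
# threshold chosen from the server's normal request load.
set security idp application-ddos appddos-http service http
set security idp application-ddos appddos-http connection-rate-threshold 1000

# Match condition: which traffic the rule monitors, and which
# application-ddos object it is evaluated against.
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 match from-zone untrust to-zone trust
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 match source-address any destination-address any
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 match application default
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 match application-ddos appddos-http

# Action: applied to the offending connection
# (close-server, drop-connection, drop-packet, or no-action).
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 then action drop-connection

# IP action: applied to future traffic from the same source
# (ip-block, ip-close, or ip-notify), held for the timeout in seconds.
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 then ip-action ip-block
set security idp idp-policy appddos-policy rulebase-ddos rule rule-1 then ip-action timeout 600
```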
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- IDP Policies Overview
- Understanding IDP Policy Rulebases
- Understanding IDP Policy Rules
- IDP Application-Level DDoS Attack Overview
- IDP Application-Level DDoS Protection Overview
- Example: Enabling IDP Protection Against Application-Level DDoS Attacks (CLI)